The news story about the Chinese hacker corps getting into the Eastern Naval Command (ENC) data net and stealing information related to the Arihant nuclear submarine came as no surprise. Like everything else they do, the Chinese are thorough in casing out likely adversaries as part of their military preparedness regime.

The senior echelon in government had been warned through unofficial channels about the Chinese achieving improbably high levels of access into ostensibly “fire-walled” servers with the Bhabha Atomic Research Centre (BARC), Trombay, missile design facilities (such as the Advanced Systems Laboratory, Hyderabad) and other critical DRDO installations, the ministry of defence and the various service headquarters and, perhaps, even the Prime Minister’s Office (PMO).

How vulnerable such agencies are can be gauged from the fact that at one point in time not too long ago Indian hackers forcefully assumed control of the Indian Navy, Indian Air Force, and BARC servers (named after Indian rivers — Ganga, Yamuna, Saraswati, etc.). A more malicious force intent on harm could on that occasion have wreaked merry havoc, sucked out information, and secreted away bugs of the kind the Chinese hackers placed in the Indian Eastern Naval Command computer network designed to relay targeted classified information to external sources. There’s no guarantee this was not done.

One might, in the circumstances, wonder just what it is that official Indian agencies tasked with cyber defence are doing. The supposedly premier National Technology Research Organisation (NTRO), like every other institution in the overly bureaucratised Indian state, is busily aggrandising turf and monopolising capability but, by itself, has conducted near zero offensive or even defensive cyber operations — the reason why the Indian government remains exposed to almost any passing cyber threat.

Heavy financial investments in NTRO have so far led to it successfully warding off Research & Analysis Wing’s (RAW) attempts to have its own offensive cyber operations cell, for instance, but not to its mounting even a single sustained offensive against Chinese networks. Such offensive programmes, protocols, and algorithms as have been created are products of informal Indian hacker groups working for the NTRO. Except NTRO has expropriated and passed off this work as its own and won laurels for itself!

NTRO, which is manned by DRDO stalwarts, like the RAW, has huge funds at its disposal for which there is no accountability, affording ample opportunities for siphoning off public monies. How is this done? One method, as already indicated, is to hire highly motivated young privateers who hack as a serious hobby but are eager to do their bit for the nation. They are promised much but paid a pittance and that too tardily, thereby de-incentivising them. By one account, as much as nine-tenths of any sanctioned expenditure is thus spirited away. NTRO, in other words, is yet another vehicle for unreported scams on a vast scale. If this organisation is proving to be more a cyber liability than help, what are the other agencies in the same business up to?

The Headquarters Integrated Defence Staff, ministry of defence, has under its wing the Defence Information Assurance and Research Agency. It is manned by veteran officers from the EME (Electrical and Mechanical Engineers) Corps of the Indian Army, who have almost no clue about the cyber warfare domain, leave alone what to do in it.

The Indian Navy and the Indian Air Force have separately developed capabilities for engaging in purely defensive operations. They can repel cyber strikes and penetration attempts — apparently not all that well in light of the Chinese cyber infection of the ENC communications hub — but cannot counter-attack.

Extant Indian cyber capability and efforts are, in actuality, so pathetic that NTRO has stalled exploratory inquiries by the US National Security Agency to jointly develop means to attack and defeat the Chinese cyber threat. NTRO understandably fears that any collaborative work with professional American organisations will quickly reveal them as poseurs and frauds or, at the very least, as incompetent.

The trouble is, despite boasting of incomparable cyber talent in the country in the non-governmental sphere, India is saddled with a government, a science and technology establishment, and a military that are strictly industrial age. It is doubtful if anybody in the PMO, for instance, knows anywhere near enough to appreciate the basic fact of cyber reality — that the most inspired offensive and defensive cyber operations and breakthroughs are done by youngsters barely out of school who can negotiate their way through the most complicated protection schemes and plant “logic bombs” in heavily defended communication networks on a dare or just to show off to their peers.

This enormous human resource wealth is available and can be mobilised for the national cause by offering these computer whiz-kids not babu pay scales and suffocating bureaucratic environs of work but freedom to operate as they wish to overcome meaty challenges. Of course, they have to be compensated directly and well (without intervening organisations decanting the moolah). Pitting a huge number of teams of these young guns hired by military and intelligence agencies — the more of them the better — to compete with each other in relentless offensive, defensive and pre-emptive cyber campaigns, bypassing the usual mode of government functioning, is a desperate need. They would seriously discomfit any adversary — something the wretched NTRO and other, cyber-wise Neanderthal, government organisations cannot ever dream of doing.

The problem, however, is the reliance on technology imports. Everyone is aware of the Chinese Army-controlled Huawei telecommunications company being permitted to sell area networks, including switching systems in India, on the condition that its wares are certified by a Huawei-funded centre at Indian Institute of Science, Bangalore. This is a joke considering the centre is given select units to examine.

Worse, the Indian government talks incessantly of “buying Indian” but its agencies as studiously purchase possibly compromised cyber software and enabling systems from RSA, Cisco, etc., rather than support indigenous development of comparable software and hardware, such as the enormously efficient router developed by IIT Mumbai. In the event, one should be prepared for cyber-savvy states like China to disable the Indian government and military at will early in any crisis.

About Bharat Karnad

Senior Fellow in National Security Studies at the Centre for Policy Research, New Delhi, he was Member of the (1st) National Security Advisory Board and the Nuclear Doctrine-drafting Group, and author of, among other books, 'Nuclear Weapons and Indian Security: The Realist Foundations of Strategy', 'India's Nuclear Policy' and most recently, 'Why India is Not a Great Power (Yet)'. Educated at the University of California (undergrad and grad), he was Visiting Scholar at Princeton University, University of Pennsylvania, the Shanghai Institutes of International Studies, and Henry L. Stimson Center, Washington, DC.

10 Responses to Cyber Neanderthals

Isn’t India’s external agency, RAW, capable of setting up a cyber defense network and counter-attacking the cyber infiltration? Or is it the over-bureaucratisation and high political influence in RAW that it just acts as a puppet in the hands of the leviathan Indian state?

If the state is like a sloth as far as cyber issues are concerned, can’t Indian hackers with a patriotic bent of mind organize themselves into teams conducting offensive cyber operations?
Information about adversary states obtained through such means can then be passed on to the relevant authorities.

I mean to suggest that there seems to be a possibility of organizing a large number of people with the relevant skills (and a patriotic as opposed to left liberal attitude) into part time hackers performing cyber operations as an activity in addition to the main source of income.

While this is not a complete substitute for a full time cyber warfare corps, this is a low cost gap filler: further, given that a fair fraction of people in the IT industry appears to spend time “on the bench”, such time can be utilized for this sort of activity (which means that some of it would effectively be funded by the IT industry).

GoI should twist some arms in the IT sector to enable such an arrangement if need be. Further, the law enforcement mechanisms should turn a blind eye to such “cybercrime”.

Such an arrangement is likely to make a big difference. What is your opinion?

I also read that ECIL has begun manufacture of the IIT Mumbai router. Won’t this go a long way in ensuring network security?

On a related note: ISRO has developed the Vikram microprocessor for guidance purposes. Do Agni V, etc. use such an indigenous microprocessor or do they use imported ones? It seems to be a better idea to use Vikram type microprocessors even if they may be less sophisticated than the latest videshi electronics…

India, an “IT Superpower”. Get real, and have a look at the results of the Google code jam. The Indians can’t even produce good programmers, let alone physicists and engineers who understand and can design cyber warfare infrastructures.

Why is the GOI always playing by the red tape? What is the fun of so many IITs, NITs and IIITs? Govt should mobilise these students as part of mandatory national service at least for 2 years alongside their regular curriculum…